
PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
PCI was introduced following a number of high-profile cases in the USA in which thousands of card details were stolen. The Standard, mandated by Visa and MasterCard, is designed to safeguard consumers from identity theft through the misuse of their card details.
The programme is mandatory, although it has different requirements depending on the number of transactions that an individual retailer processes. Retailers that are not compliant are now liable to substantial fines and risk being permanently barred from card acceptance programmes.
The Standard is defined by the major card schemes (MasterCard, Visa and American Express) to promote the secure and protected storage of cardholder data. It covers not only the security of merchant networks and infrastructure but also defines what cardholder data may be retained and how it may be held (e.g. encrypted).
PCI reflects the real value of BRC membership, as this programme was introduced with little reference to project disciplines - made all the more frustrating in that lessons learnt from the successful implementation of Chip and PIN appear not to have been taken on board. The BRC, through the work of the Payment Working Group, has represented these issues in all relevant forums and has been successful in bringing in more realistic timeframes for implementation and an understanding that the Standard needs to be modified for non-American markets which, unlike the States, already have security measures in place, such as Chip and PIN.
As a result, retailers are at various stages in assessing the costs and resources associated with meeting compliance, and continued dialogue with the various stakeholders will remain essential.